istio-operator copied to clipboard
An operator that manages Istio deployments on Kubernetes
Istio operator
Istio operator is a Kubernetes operator to deploy and manage Istio resources for a Kubernetes cluster.
This is the second/revamped version of the original Banzai Cloud Istio operator. Istio has evolved a lot over the last releases and while we kept up with that with the original Istio operator, we felt like a complete rewrite was needed to more naturally support the new Istio architecture and all of its new features.
Istio is an open platform to connect, manage, and secure microservices and it is emerging as the standard
for building service meshes on Kubernetes.
The goal of the Istio-operator is to enable popular service mesh use cases (multi cluster topologies, multiple gateways support etc) by introducing easy to use higher level abstractions.
In this README
- Getting started
- Issues, feature requests
- Contributing
- Got stuck? Find help!
Getting started
- kubectl installed
- kubernetes cluster (version 1.20+)
- active kubecontext to the kubernetes cluster
Build and deploy
Download or check out the latest stable release.
Run make deploy
to deploy the operator controller-manager on your kubernetes cluster.
Check if the controller is running in the istio-system
$ kubectl get pod -n istio-system
istio-operator-controller-manager-6f764787c-rbnht 2/2 Running 0 5m18s
Deploy the Istio control plane sample to the istio-system
$ kubectl -n istio-system apply -f config/samples/servicemesh_v1alpha1_istiocontrolplane.yaml created
Label the namespace, where you would like to enable sidecar injection for your pods. The label should consist of the name of the deployed IstioControlPlane and the namespace where it is deployed.
$ kubectl label namespace demoapp
namespace/demoapp labeled
Deploy the Istio ingress gateway sample to your desired namespace
$ kubectl -n demoapp apply -f config/samples/servicemesh_v1alpha1_istiomeshgateway.yaml created
Deploy your application (or the sample bookinfo app).
$ kubectl -n demoapp apply -f
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
Verify that all applications pods are running and have the sidecar proxy injected. The READY column shows the number of containers for the pod: this should be 1/1 for the gateway, and at least 2/2 for the other pods (the original container of the pods + the sidecar container).
$ kubectl get pod -n demoapp
details-v1-79f774bdb9-8xqwj 2/2 Running 0 35s
imgw-sample-66555d5b84-kv62w 1/1 Running 0 7m21s
productpage-v1-6b746f74dc-cx6x6 2/2 Running 0 33s
ratings-v1-b6994bb9-g9vm2 2/2 Running 0 35s
reviews-v1-545db77b95-rdmsp 2/2 Running 0 34s
reviews-v2-7bf8c9648f-rzmvj 2/2 Running 0 34s
reviews-v3-84779c7bbc-t5rfq 2/2 Running 0 33s
Deploy the VirtualService and Gateway needed for your application.
For the demo bookinfo application, you need to modify the Istio Gateway entry! The spec.selector.istio
field should be set from ingressgateway
to imgw-sample
so it will be applied to the sample IstioMeshGateway deployed before. The port needs to be set to the targetPort of the deployed IstioMeshGateway.
curl | sed 's/istio: ingressgateway # use istio default controller/istio: imgw-sample/g;s/number: 80/number: 9080/g' | kubectl apply -f -
$ kubectl -n demoapp apply -f bookinfo-gateway.yaml created created
To access your application, use the public IP address of the imgw-sample
LoadBalancer service.
$ IP=$(kubectl -n demoapp get svc imgw-sample -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
$ curl -I $IP/productpage
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 4183
server: istio-envoy
date: Mon, 02 May 2022 14:20:49 GMT
x-envoy-upstream-service-time: 739
Issues, feature requests
Please note that the Istio operator is constantly under development and new releases might introduce breaking changes. We are striving to keep backward compatibility as much as possible while adding new features at a fast pace. Issues, new features or bugs are tracked on the projects GitHub page - please feel free to add yours!
If you find this project useful here's how you can help:
- Send a pull request with your new features and bug fixes
- Help new users with issues they may encounter
- Support the development of this project and star this repo!
Got stuck? Find help!
Community support
If you encounter any problems that is not addressed in our documentation, open an issue or talk to us on the Banzai Cloud Slack channel #istio-operator..
Engineering blog
We occasionally write blog posts about Istio itself and the Istio operator.
Copyright (c) 2021 Cisco Systems, Inc. and/or its affiliates
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.